Documentation
Constants
This section is empty.
Variables
var ErrBackupAborted = errors.New("backup aborted")
ErrBackupAborted is returned when Backup is interrupted mid-stream by context cancellation or an unrecoverable engine error. The writer is left in a partial state — callers (Phase 3 destinations) must either discard the partial archive (tmp+rename, multipart abort) or treat it as corrupt. No recovery / resume semantics are offered.
var ErrBackupUnsupported = errors.New("backup not supported by this metadata store")
ErrBackupUnsupported is returned by capability checks when a metadata store does not implement Backupable (ENG-04).
var ErrRestoreCorrupt = errors.New("restore stream is corrupt")
ErrRestoreCorrupt is returned when the backup stream cannot be decoded: truncated archive, bit-flipped bytes, invalid frame, unknown tar entry, failed gob decode, etc. Drivers wrap the underlying decode error with fmt.Errorf("%w: %v", ErrRestoreCorrupt, cause) so callers can match via errors.Is while preserving the concrete cause for operator logs.
var ErrRestoreDestinationNotEmpty = errors.New("restore destination is not empty")
ErrRestoreDestinationNotEmpty is returned by Restore implementations when the destination store contains pre-existing data (D-06). Phase 2 drivers refuse to overwrite live data as a defense-in-depth measure — Phase 5's restore orchestrator owns all destructive prep (swap-under-temp-path, DROP+CREATE schema, fresh empty store construction) before calling Restore. A direct Restore call against a populated store is a bug and must fail loudly.
var ErrSchemaVersionMismatch = errors.New("restore archive schema version mismatch")
ErrSchemaVersionMismatch is returned by the Postgres driver when the archive's schema_migrations version does not match the current binary's migration set. Memory and Badger drivers do not produce this error (they use format_version in their per-engine headers instead).
Functions
This section is empty.
Types
type Backupable
type Backupable interface {
	// Backup streams a consistent snapshot of the store to w. The returned
	// PayloadIDSet records every block PayloadID referenced by the snapshot
	// at the moment of capture; consumers place a GC hold on the referenced
	// payloads (SAFETY-01) until the backup is durably committed.
	Backup(ctx context.Context, w io.Writer) (PayloadIDSet, error)
	// Restore reloads the store from r. The caller MUST guarantee the store
	// is drained (no active shares) before invoking Restore; implementations
	// are not required to enforce this.
	Restore(ctx context.Context, r io.Reader) error
}
Backupable is the capability interface opted into by metadata stores that support streaming backup and restore.
Capability is checked via Go type assertion at call sites:
	if b, ok := store.(Backupable); ok {
		ids, err := b.Backup(ctx, w)
		...
	}
Stores that cannot support backup/restore (for example, future read-only or virtual stores) simply do not implement the interface; callers surface ErrBackupUnsupported to operators (ENG-04). No runtime registry exists — the binding is compile-time.
Implementations are provided in Phase 2 (memory, badger, postgres). This package only defines the contract.
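A caller-side sketch of the contract above, added here as an illustration and not taken from this package: the capability check surfaces ErrBackupUnsupported, and an aborted Backup never leaves a published archive because the stream goes to a temp file that is renamed only on success. The interface and sentinels are redeclared locally as stand-ins; `flakyStore`, `backupToFile` and the `meta.bak` name are hypothetical.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"io"
	"os"
	"path/filepath"
)

// Stand-ins for the documented contract (assumption: real package not imported).
var ErrBackupAborted = errors.New("backup aborted")
var ErrBackupUnsupported = errors.New("backup not supported by this metadata store")

type PayloadIDSet map[string]struct{}
type Backupable interface {
	Backup(ctx context.Context, w io.Writer) (PayloadIDSet, error)
	Restore(ctx context.Context, r io.Reader) error
}
type flakyStore struct{ err error } // constructed test double

func (flakyStore) Restore(context.Context, io.Reader) error { return nil }
func (s flakyStore) Backup(_ context.Context, w io.Writer) (PayloadIDSet, error) {
	io.WriteString(w, "partial-frame") // bytes reach the writer before any abort
	return PayloadIDSet{"blk-1": {}}, s.err
}

// backupToFile (hypothetical caller) publishes dst only after a complete stream.
func backupToFile(ctx context.Context, store any, dst string) (PayloadIDSet, error) {
	b, ok := store.(Backupable)
	if !ok {
		return nil, ErrBackupUnsupported // capability check by type assertion
	}
	tmp, err := os.CreateTemp(filepath.Dir(dst), ".backup-*.tmp") // mode 0600
	if err != nil {
		return nil, err
	}
	defer os.Remove(tmp.Name()) // discards a partial archive; no-op once renamed
	ids, err := b.Backup(ctx, tmp)
	if err = errors.Join(err, tmp.Close()); err != nil {
		return nil, err
	}
	return ids, os.Rename(tmp.Name(), dst) // atomic publish of a complete archive
}

func main() {
	_, err := backupToFile(context.Background(), flakyStore{ErrBackupAborted}, "meta.bak")
	fmt.Println("aborted:", errors.Is(err, ErrBackupAborted))
}
```

The temp file is created in the destination's own directory so the rename stays on one filesystem.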
type Clock
Clock is an injectable time source. Tests inject a fake clock so time-dependent assertions are deterministic.
type PayloadIDSet
type PayloadIDSet map[string]struct{}
PayloadIDSet is the set of block PayloadIDs referenced by a snapshot. Used by the block-GC hold path (SAFETY-01).
func NewPayloadIDSet
func NewPayloadIDSet() PayloadIDSet
NewPayloadIDSet constructs an empty, non-nil PayloadIDSet ready for Add.
func (PayloadIDSet) Add
func (s PayloadIDSet) Add(id string)
Add inserts id into the set. Calling Add on a nil set panics — use NewPayloadIDSet to construct a writable instance.
func (PayloadIDSet) Contains
func (s PayloadIDSet) Contains(id string) bool
Contains reports whether id is present. Safe on a nil set (returns false).
func (PayloadIDSet) Len
func (s PayloadIDSet) Len() int
Len returns the number of distinct IDs. Safe on a nil set (returns 0).
Directories
| Path | Synopsis |
|---|---|
| destination | Package destination provides the driver contract for publishing backup archives to a backing store (local FS, S3). |
| builtins | Package builtins wires the two built-in destination drivers (fs, s3) into the destination.Registry. |
| destinationtest | Package destinationtest is a cross-driver conformance suite for destination.Destination. |
| fs | Package fs implements the local-filesystem Destination driver per Phase 3 CONTEXT.md D-03 (atomic-rename publish) and D-14 (0600 files / 0700 dirs, no chown, auto-created repo root, remote-FS warning). |
| s3 | Package s3 provides an S3-backed destination.Destination implementation. |
| errors | Package errors defines the stable, machine-readable error taxonomy surfaced by backup endpoints (#414). |
| executor | Package executor orchestrates one backup attempt end-to-end. |
| manifest | Package manifest implements the v1 backup manifest format (SAFETY-03). |
| restore | Package restore implements the Phase 5 restore orchestration: side-engine open at a temp path, Backupable.Restore into the fresh engine, atomic swap via stores.Service, and post-swap cleanup. |
| scheduler | Package scheduler provides store-agnostic scheduler primitives for periodic backup runs: cron-based firing with CRON_TZ timezone support (via robfig/cron/v3), stable per-repo phase offset (FNV-1a jitter, D-03), per-repo overlap guard (D-07), and strict schedule validation (D-06). |